Creating a strong cybersecurity infrastructure is becoming a top priority for businesses around the world. Since the switch to remote working, cybersecurity attacks have increased dramatically and cost businesses millions of dollars. A 2020 IBM report found that it takes an average of 280 days for a business to identify and contain an attack. This causes disruption, limited operational capacity, damage to reputation and legal consequences for businesses.
Most businesses believe they are safe because they don’t view their data as valuable. Thus, they neglect the importance of putting cybersecurity measures in place. It ends up costing them more than they would have spent if they had proactively invested in a cybersecurity prevention plan.
As evidenced by the recent ransomware attack on Kronos, one of the largest payroll service providers, restoring services can take weeks or months. Ransomware attacks are one of the most common and costly threats an organization faces, costing businesses on average $4.44 million. Indeed, the attacks affect not only the targeted company but everyone who uses its service or is connected to its database. Kronos admitted it was unsure when it would be able to restore services for its clients. As such, it is urging its clients to research other payroll service providers. As a result, thousands of companies are finding it difficult to pay their employees because they cannot access their Kronos HR software. Thus, they are forced to estimate employee hours and resort to manual methods of time tracking.
Here are four ways businesses can strengthen their cybersecurity measures to prevent an attack.
Create a backup plan to diversify sensitive information
The majority of businesses have moved from storing their data on premises to implementing private cloud storage solutions. Due to the rapid adoption of remote working, more and more companies are migrating their data to the cloud. Although cloud services are a cheaper and more efficient alternative to data storage, companies need to make sure they have security measures in place with encryption protocols. This makes hacking a laborious task that deters malicious actors from gaining access to company data. The goal of malicious actors is to gain access to confidential and sensitive data that allows them to commit fraud or identity theft, or to demand ransoms in exchange for the return of the data, to name a few.
Some types of data of particular interest to hackers are:
- Personally Identifiable Information (PII) such as salary data, social security numbers, dates of birth, employee dependent information, employee records, etc.
- Customer information such as credit card information
- Confidential business information such as credit card information, passwords, programs, use of company system to attack other computers, financial information, etc.
Attacks can occur in the form of:
- Malware (viruses, Trojans, spyware)
- Denial-of-service (DoS) attacks
Eden Cheng, co-founder of PeopleFinderFree, emphasized, “Diversification is essential when it comes to data storage. Additional data backups help protect businesses should something happen to primary data sources.” She explained, “This involves keeping at least three copies of the data, two of which are stored on separate media formats like an immutable storage bucket as well as cloud storage servers. The third copy is either stored offsite / offline using hard drives or just using another cloud storage provider. This ensures that business operations continue to run uninterrupted, while eliminating the risk of sabotage that could destroy all of your backups.”
Prioritize and increase cybersecurity efforts
A common misconception among businesses is that cybercrimes are only committed by external actors. However, the data shows that 64% of cyber attacks come from internal sources. This is because unauthorized people have access to inside information, employees are not trained on how to recognize phishing attempts, the cybersecurity culture is poor or absent, and cybercrimes are not taken seriously.
An effective cybersecurity plan is not the sole responsibility of the IT department. It is the collective effort of all. Everyone, regardless of their position or title, plays a key role in the security of the organization and the security of confidential customer information. The more secure and proactive businesses are in preparing for an attack, the better able they will be to handle it. In an ideal world, a business wouldn’t face attacks, but cybercrime has increased dramatically since the start of the pandemic and will only continue to increase as technologies evolve.
Here are the things a business should take into account when building their cybersecurity infrastructure:
- An incident response team that includes team members such as IT, legal counsel, human resources and a communications manager, to name a few
- A preventative plan that includes a process for how to approach an attack; scrambling at the last minute to respond only costs businesses more time
- Establish a communications plan to let those affected know what happened and what the company is doing to mitigate the attack. Those who should be notified include the board of directors, customers, employees and suppliers.
- Reference NIST as they build their cybersecurity infrastructure
- Invest in a cybersecurity insurance policy
- Hire a cybersecurity expert to perform a thorough audit of all systems, identify weaknesses and gaps, and make recommendations. They will also be able to rank systems according to their level of risk.
- Make sure a backup plan is in place rather than relying entirely on third-party vendors
Evaluate suppliers and third parties
As Kronos demonstrated, third-party vendors are themselves vulnerable to attack. For this reason, companies must exercise due diligence to ensure that the vendors they work with have strong data privacy and security measures in place as well as a cybersecurity infrastructure. They can do this by first identifying all the vendors they work with, learning what cybersecurity measures these vendors currently have in place, and putting in place a plan to frequently assess and evaluate vendors.
When hiring a cybersecurity expert, companies need to do due diligence to verify that the person they intend to hire is well qualified based on their certifications and experience. The worst thing a business can do is hire the cheapest cybersecurity professional regardless of their reputation or credentials.
Building a culture of cybersecurity
Creating a culture of cybersecurity is a deliberate and intentional approach where every worker is aware of their responsibility to keep the business safe. It is more than implementing policies. It’s about making sure every employee is doing their part to prevent breaches, leaks and attacks by training and educating workers on how to report threats and attacks, and how to secure equipment and devices.
Lockheed Martin is doing an incredible job of creating a culture of cybersecurity through the implementation of its “red team”. The goal of the red team is to conduct cybersecurity assessments. This is done by simulating attacks on employees to see how they react and to test the effectiveness of the company’s network security. Employees who click on unrecognized attachments or links sent by the disguised red team member will be redirected to cybersecurity training to refresh their knowledge on how to protect data.